The only generally-exploitable bug in the above list is the
crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in
ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd
have a security component, but are all below 1.8 CVSS score,
so we're reporting them here:

Bug 2382 : Peer precision < -31 gives division by zero

Bug 1774 : Segfaults if cryptostats enabled when built
without OpenSSL